authorDave Lawrence <dlawrence@mozilla.com>2013-10-17 15:57:57 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-10-17 15:57:57 +0200
commit62ae33ffa16c22e9705bd22e48fb8299225462f4 (patch)
tree0571fb266d0b0c619d9be2a8c2272d04afcce9a1 /Bugzilla
parent2c257b0a104c1bb3483adfb0eacb792c528010e9 (diff)
parent7355bd53bc4b20e248550e5467142a79e9512fbc (diff)
downloadbugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.gz
bugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.xz
merged with bugzilla/4.2
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm6
-rw-r--r--Bugzilla/Constants.pm2
-rw-r--r--Bugzilla/Token.pm22
3 files changed, 21 insertions, 9 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 88c48e236..4db486a8f 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -72,8 +72,8 @@ sub get_login_info {
trick_taint($login_cookie);
detaint_natural($user_id);
- my $is_valid =
- $dbh->selectrow_array('SELECT 1
+ my $db_cookie =
+ $dbh->selectrow_array('SELECT cookie
FROM logincookies
WHERE cookie = ?
AND userid = ?
@@ -81,7 +81,7 @@ sub get_login_info {
undef, ($login_cookie, $user_id, $ip_addr));
# If the cookie is valid, return a valid username.
- if ($is_valid) {
+ if (defined $db_cookie && $login_cookie eq $db_cookie) {
# If we logged in successfully, then update the lastused
# time on the login cookie
$dbh->do("UPDATE logincookies SET lastused = NOW()
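Review bot: The new `defined $db_cookie && $login_cookie eq $db_cookie` test on the `if` line has no comment explaining why the cookie is fetched back and re-compared, while the parallel change in Token.pm documents it (the DB's `WHERE cookie = ?` may match case-insensitively under MySQL's default collation); a reader of Cookie.pm alone sees a redundant-looking check and may simplify it away. Suggested comment above the `if`: `# The DB may have matched the cookie case-insensitively (e.g. MySQL's default collation); require an exact match in Perl before trusting the row.` The same applies to the SELECT rewritten in the previous hunk of this file. get_login_info starts before the first hunk and the UPDATE on this hunk's last line continues outside it; if that UPDATE's WHERE clause is keyed on the cookie value alone it still relies on the DB's comparison, though after the exact-match check it should only be reached for the verified cookie.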
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 1f712f25d..ef3afeccb 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -209,7 +209,7 @@ use Memoize;
# CONSTANTS
#
# Bugzilla version
-use constant BUGZILLA_VERSION => "4.2.6+";
+use constant BUGZILLA_VERSION => "4.2.7";
# Location of the remote and local XML files to track new releases.
use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 4804851bb..24df470ac 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -277,13 +277,18 @@ sub Cancel {
# Get information about the token being canceled.
trick_taint($token);
- my ($issuedate, $tokentype, $eventdata, $userid) =
- $dbh->selectrow_array('SELECT ' . $dbh->sql_date_format('issuedate') . ',
+ my ($db_token, $issuedate, $tokentype, $eventdata, $userid) =
+ $dbh->selectrow_array('SELECT token, ' . $dbh->sql_date_format('issuedate') . ',
tokentype, eventdata, userid
FROM tokens
WHERE token = ?',
undef, $token);
+ # Some DBs such as MySQL are case-insensitive by default so we do
+ # a quick comparison to make sure the tokens are indeed the same.
+ (defined $db_token && $db_token eq $token)
+ || ThrowCodeError("cancel_token_does_not_exist");
+
# If we are canceling the creation of a new user account, then there
# is no entry in the 'profiles' table.
my $user = new Bugzilla::User($userid);
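Review bot: The guard added after the SELECT uses `||` in statement position with a parenthesised condition, which reads as an expression rather than a check; `unless` states the intent directly: `ThrowCodeError("cancel_token_does_not_exist") unless defined $db_token && $db_token eq $token;`. Reporting a case-variant match with the same error as a missing token is the right choice, since the caller learns nothing beyond "not found". Cancel's body starts before the hunk and continues after it.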
@@ -348,10 +353,17 @@ sub GetTokenData {
$token = clean_text($token);
trick_taint($token);
- return $dbh->selectrow_array(
- "SELECT userid, " . $dbh->sql_date_format('issuedate') . ", eventdata
- FROM tokens
+ my @token_data = $dbh->selectrow_array(
+ "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata
+ FROM tokens
WHERE token = ?", undef, $token);
+
+ # Some DBs such as MySQL are case-insensitive by default so we do
+ # a quick comparison to make sure the tokens are indeed the same.
+ my $db_token = shift @token_data;
+ return undef if (!defined $db_token || $db_token ne $token);
+
+ return @token_data;
}
# Deletes specified token
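Review bot: `return undef if (...)` on the mismatch branch changes GetTokenData's no-row contract: the old `return $dbh->selectrow_array(...)` yielded an empty list in list context for an unknown token, whereas `return undef` yields the one-element list `(undef)`, so a caller testing `if (my @data = GetTokenData($token))` now sees a true result for an unknown token. A bare `return;` keeps the old list-context behaviour and still gives undef in scalar context: `return if !defined $db_token || $db_token ne $token;`. Note also that `return @token_data` in scalar context yields the element count where the old code returned the first column; whether any caller invokes GetTokenData in scalar context is not visible from the hunk.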